Samba4 ADS BDC howto/help/status, please?

Kai Blin kai at samba.org
Fri Jan 22 01:41:18 MST 2010


On Friday 22 January 2010 09:02:15 Matthias Dieter Wallnöfer wrote:
> Brian Dickson wrote:
[...]
> > The mappings UID/GID would be one-way only, on one host, so the scope is
> > very limited. No conflicts, no race conditions, no data sharing, just
> > authentication (and creating home directories, natch.)
> >
> > So, my questions are:
> >
> > (1) Will Samba4 in its current state, be able to handle this?
> 
> I think it should work. As Winbind daemon I suggest the s4 one at least
> for now, I'm a bit unsure if the s3 one already works fully against s4
> (since we on the s4 side lack the support for some query constraints -

On the contrary, I would recommend Samba 3 with Samba 3 winbindd as domain 
member for the setup you describe. If I understand you correctly, you need the 
linux machine to authenticate users against the AD domain, possibly for other 
services running on the linux box like Squid, Radius or whatever else. In my 
opinion Samba 4 winbind is not up to the job yet, and Samba 4 can't use the 
Samba 3 winbindd either. So assuming you don't need the linux box to be 
another domain controller, Samba 3 should be able to handle the job just fine.

> this bug shows what I mean:
> https://bugzilla.samba.org/show_bug.cgi?id=6511). Maybe someone more
> involved with winbind like Kai could answer this better.

Actually this bug is about S4 failing to provide the information S3 member 
servers expect to receive via winbind. This has nothing to do with using the 
S3 winbindd while actually running Samba 4, which also fails but for entirely 
different reasons.

Cheers,
Kai

-- 
Kai Blin
WorldForge developer  http://www.worldforge.org/
Wine developer        http://wiki.winehq.org/KaiBlin
Samba team member     http://www.samba.org/samba/team/
--
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100122/d7f87ebc/attachment.pgp>


More information about the samba-technical mailing list